An approach for detecting malicious emails using runtime monitoring with hidden data
Sellers, Kristin R.
Computer systems continue to be at risk of attack by malicious software attached to email. Email has been determined to be the cause of 80% of computer virus infections. Millions of dollars are lost yearly due to the damage caused by malicious emails. Popular approaches to defending against malicious emails are antivirus scanners and server-based filters. Further, state-of-the-art methods are being employed to enhance security against malicious programs. However, despite the efforts directed toward protecting personal information in emails, malicious programs continue to pose a significant threat. This thesis presents the application of a hybrid of Runtime Monitoring and Machine Learning for monitoring patterns of malicious emails. The system is designed to gather emails and determine whether they are suspicious, unknown, or benign. The application of runtime monitoring helps reduce the chance that suspicious emails are spread and lowers the likelihood that users will be threatened. Patterns were developed in Rules4business.com to facilitate the detection of threats, apply rules for validating the identified patterns, and track them at the same time. The runtime monitoring application system detects malicious emails by assessing the pattern in which they are sent and classifying them into states identified as suspicious, unknown, or benign. Through the application of the system, it would be possible to eliminate threats to private individuals and corporations emanating from malicious emails. We performed deterministic runtime monitoring, built a Hidden Markov Model (HMM), and performed runtime monitoring with hidden data. Reasoning about the patterns of malicious emails with hidden artifacts is what offers the potential for improved classification.
Approved for public release; distribution is unlimited